ID

VAR-201904-0436


CVE

CVE-2019-1830


TITLE

Cisco Wireless LAN Controller Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003519

DESCRIPTION

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring an LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. Cisco Wireless LAN Controller (WLC) contains an input validation vulnerability. The device may be put into a denial of service (DoS) state. This issue is being tracked by Cisco Bug ID CSCvj07995. This product provides functions such as security policy and intrusion detection in wireless LAN. Locally Significant Certificate (LSC) management is one of the important local certificate management components. The LSC management component in Cisco WLC Software has an input validation error vulnerability, which is caused by the network system or product not properly validating the input data.

Trust: 1.98

sources: NVD: CVE-2019-1830 // JVNDB: JVNDB-2019-003519 // BID: 108028 // VULHUB: VHN-150632

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller software, scope: lt, version: 8.3.150.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: lt, version: 8.8.100.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: gte, version: 8.5.131.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: gte, version: 8.6.101.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: lt, version: 8.5.140.0

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wireless lan controllers, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: series wireless controllers, scope: eq, version: 55008.7(100.0)

Trust: 0.3

sources: BID: 108028 // JVNDB: JVNDB-2019-003519 // NVD: CVE-2019-1830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1830
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1830
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1830
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-852
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150632
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1830
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150632
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1830
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150632 // JVNDB: JVNDB-2019-003519 // CNNVD: CNNVD-201904-852 // NVD: CVE-2019-1830 // NVD: CVE-2019-1830

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150632 // JVNDB: JVNDB-2019-003519 // NVD: CVE-2019-1830

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-852

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-852

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003519

PATCH

title: cisco-sa-20190417-wlc-cert-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-cert-dos

Trust: 0.8

title: Fix for the Cisco Wireless LAN Controller Software input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91686

Trust: 0.6

sources: JVNDB: JVNDB-2019-003519 // CNNVD: CNNVD-201904-852

EXTERNAL IDS

db: NVD, id: CVE-2019-1830

Trust: 2.8

db: BID, id: 108028

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003519

Trust: 0.8

db: CNNVD, id: CNNVD-201904-852

Trust: 0.7

db: AUSCERT, id: ESB-2019.1333

Trust: 0.6

db: VULHUB, id: VHN-150632

Trust: 0.1

sources: VULHUB: VHN-150632 // BID: 108028 // JVNDB: JVNDB-2019-003519 // CNNVD: CNNVD-201904-852 // NVD: CVE-2019-1830

REFERENCES

url:http://www.securityfocus.com/bid/108028

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-wlc-cert-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1830

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1830

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79298

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-wireless-lan-controller-denial-of-service-via-locally-significant-certificate-29089

Trust: 0.6

sources: VULHUB: VHN-150632 // BID: 108028 // JVNDB: JVNDB-2019-003519 // CNNVD: CNNVD-201904-852 // NVD: CVE-2019-1830

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108028

SOURCES

db: VULHUB, id: VHN-150632
db: BID, id: 108028
db: JVNDB, id: JVNDB-2019-003519
db: CNNVD, id: CNNVD-201904-852
db: NVD, id: CVE-2019-1830

LAST UPDATE DATE

2024-11-23T22:17:05.497000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150632, date: 2019-10-09T00:00:00
db: BID, id: 108028, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003519, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-852, date: 2019-04-24T00:00:00
db: NVD, id: CVE-2019-1830, date: 2024-11-21T04:37:29.260

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150632, date: 2019-04-18T00:00:00
db: BID, id: 108028, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003519, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-852, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-1830, date: 2019-04-18T02:29:05.653